[Mimedefang] false positive with filescan

Lucas Albers admin at cs.montana.edu
Mon Feb 23 12:30:42 EST 2004


Yesterday I had a user complain because a Word doc was marked as
'suspicious' with filescan.
I had the file quarantined, and ran it through with the scan.pl perl
interface to File::Scan and it does not detect any suspicious items on the
scan.
Any idea how I can troubleshoot this?
Do I need to save the raw work directory when a suspicious item is
detected, so I can determine the exact raw format it is scanning?
Anyone have code to do this?

It is a very strange problem.
It is the first time an item has been marked like this in 90K emails.
I turned off blocking of items marked as suspicious with File::Scan, while
I troubleshoot it.

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana


